/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.tamnhat.entity;

import com.tamnhat.ws.Constants;
import com.tamnhat.report.entity.BaocaoPro;
import com.tamnhat.report.entity.Sanpham;
import com.telsoft.applet.util.StringUtil;
import java.io.Serializable;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import telsoft.admin.util.AppAuthenticator;
import telsoft.admin.util.AppServer;
import telsoft.sql.Database;

/**
 *
 * @author Administrator
 */
public class SEC_USER implements Serializable{
    private String user_id;
    private String user_name;
    private String password;

    public SEC_USER() {
    }

    public String getUser_id() {
        return user_id;
    }

    public void setUser_id(String user_id) {
        this.user_id = user_id;
    }

    public String getUser_name() {
        return user_name;
    }

    public void setUser_name(String user_name) {
        this.user_name = user_name;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
    
    public String checkInput(){
        if (getUser_name() == null || "".equals(getUser_name()) ||  getPassword() == null || "".equals(getPassword())) {
            return Constants.MISSING_USER_OR_PWD;
        } else if (getUser_name().contains("=") ||getUser_name().contains("'") || getUser_name().contains("\"") || getUser_name().contains("--") || getPassword().contains("'") || getPassword().contains("=") || getPassword().contains("\"") || getPassword().contains("--")) {
            return Constants.ACCOUNT_NOT_CORRECT;
        }
        return Constants.SUCCESS;
    }
    
    public String checkUser() throws Exception {
        if(!checkInput().equals(Constants.SUCCESS)){
            return checkInput();
        }
        Connection cn = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            String strSQL = "";
            cn = AppServer.getConnection();
            strSQL = "select user_id,user_name,password,full_name from SEC_USER where user_name = '" + getUser_name() + "'"            
            + " and password = '" + StringUtil.encrypt(getPassword(), "SHA") + "'";            
            stmt = cn.prepareStatement(strSQL);
            rs = stmt.executeQuery();
            if(rs.next()){
                setUser_id(rs.getString(1));
                return Constants.SUCCESS;
            }
            return Constants.ACCOUNT_NOT_CORRECT;
        }
        finally {
            Database.closeObject(rs);
            Database.closeObject(stmt);
            Database.closeObject(cn);
        }
    }
    
    public String checkProductCodeByUserId(String productId) throws Exception{
        if(getUser_id() == null || "".equals(getUser_id())){
            return Constants.PLEASE_LOGIN;
        }
        ArrayList<Sanpham> listSP = BaocaoPro.listSanpham(Long.parseLong(getUser_id()));
        if(listSP.size() == 0){
            return Constants.NOT_PERMISSION_WITH_PRODUCT;
        }
        for(int i=0;i<listSP.size();i++){
            if(listSP.get(i).getId().equals(productId)) return Constants.SUCCESS;
        }
        return Constants.NOT_PERMISSION_WITH_PRODUCT;
    }
}
